/**
 * 
 */
package com.wsd.sys;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;

import com.wsd.bean.Admin;
import com.wsd.util.SysUtil;
import com.wsd.util.log.WsdLogFactory;

/**
 * 用户权限 过滤器
 * @author 小e
 *
 * 2010-1-8 下午08:28:04
 */
public class AuthorityFilter implements Filter {
	public void destroy() {
		
	}

	public void doFilter(ServletRequest rq, ServletResponse rp,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) rq;
		HttpServletResponse response = (HttpServletResponse) rp;
		//GDBAuthorityUtil authorityUtil = (GDBAuthorityUtil)WebApplicationContextUtils.getBean("gdbAuthorityUtil");
		Admin admin = (Admin) request.getSession().getAttribute("admin");
		String requestURI = request.getRequestURI();
		response.setContentType("text/html;charset=utf-8");
		if(requestURI.equals("/wsd/admin/main.jsp") ||requestURI.equals("/admin/main.jsp") ){
			chain.doFilter(rq, response);
			return;
		}
		
		if(admin == null && requestURI.endsWith("jsp") && (requestURI.startsWith("/wsd/admin") || requestURI.startsWith("/admin"))){
			response.getWriter().print("<script>alert('请重新登录!'); </script>");
			return;
		}else{
			chain.doFilter(rq, response);
		}
		/*else{
			
				//判断页面时候存在
				if(authorityUtil.isExist(requestURI)){
					log.info("用户:" + staff.getStaff_name() + " ip:" + request.getRemoteAddr() + "试图访问不存在的页面:" + requestURI);
					response.getWriter().print("<script>alert('对不起无此页面'); document.location = '/GDB_Appraisal/main.jsp'</script>");
					return;
				}
				if(authorityUtil.isAllow2Vist(requestURI, staff.getUser_type_id())){
					chain.doFilter(rq, response);
				}else{
					
					response.getWriter().print("<script>alert('你没有权限访问本页面'); document.location = '/GDB_Appraisal/main.jsp'</script>");
					log.info("用户:" + staff.getStaff_name() + " ip:" + request.getRemoteAddr() + "试图非法访问页面:" + requestURI);
					return;
				}
		}*/
		
		
		
	}

	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub
		
	}


}
